Abstract


This report attempts to provide a step-by-step approach to the subject of finite fields. 
Rigorous proofs and highly theoretical materials are avoided. The simple concepts of 
groups, rings, and fields are discussed and developed more or less heuristically. Examples 
are used liberally to illustrate the meaning of definitions and theories. Applications 
include discrete Fourier transforms and Reed-Solomon coding. 



Review of Finite Fields 


The ultimate objective of these notes is to show how the
finite field can be used to decode Reed-Solomon codes. Before
developing these techniques, let us consider some of the
structures and properties of finite fields.


1 Group 

A set of elements with a binary operation is called a
group, G, if for any arbitrary elements a, b, and c, which
belong to G, the following four postulates are satisfied:

$P_1$: $a \cdot b \in G$ (closure law)

$P_2$: $a \cdot (b \cdot c) = (a \cdot b) \cdot c$ (associative law)

$P_3$: There exists an identity element e in G such that
$a \cdot e = e \cdot a = a$ for all $a \in G$ (identity element)

$P_4$: For $a \in G$, there always exists an inverse element $a^{-1}$
in G such that $a a^{-1} = e$ (inverse element)


1.1 A Commutative Group 

A group is called a commutative group if the operation also 
satisfies the fifth postulate: 

$P_5$: $a \cdot b = b \cdot a$ (commutative law)


1.2 Order of a Group 

The order of a group is defined as the number of elements 
in the group. If the order is infinite, the group is an infinite 
group. Otherwise, the group is a finite group.


1.3 Example: An Infinite Group 

Let $G = \{\pm 0, \pm 1, \pm 2, \ldots\}$ and let the operation be the
arithmetic addition. It is straightforward to verify that G
forms an additive infinite commutative group in which 0 is the
identity element, and the inverse of a is -a.


1.4 Example: A Finite Group 

Let $G = \{-1, 1\}$ and let the operation be multiplication.
Then, it is straightforward to verify that G is a multiplicative
commutative group of order 2, so called because the operation
is multiplication, $(-1) \cdot 1 = 1 \cdot (-1)$, and there are only two
elements.


1.5 Subgroup 

A nonempty subset H of a group G is called a subgroup of
G, if H itself forms a group under the same operation as in G.


1.6 Example: A Subgroup 

In Section 1.3, we verified that $G = \{\pm 0, \pm 1, \pm 2, \ldots\}$ is a
group under addition. Let H be the nonempty subset consisting
of all multiples of 5, i.e., $H = \{\pm 0, \pm 5, \pm 10, \ldots\}$. It is
obvious that H is a subset of G, and H itself forms a group
under addition. Hence, H is a subgroup of G.

2 Ring 

A nonempty set R with two binary operations is called a
ring if in R there are two defined operations, addition (+) and
multiplication (·), such that any arbitrary elements a, b, and c
in R satisfy the following postulates:

$P_1$: $a + b \in R$ (closed under addition)

$P_2$: $a + b = b + a$ (commutative law for addition)

$P_3$: $(a + b) + c = a + (b + c)$ (associative law for addition)

$P_4$: For every $a \in R$, there exists an element 0 such that
$a + 0 = 0 + a = a$ (identity element for addition)

$P_5$: There exists an element $-a$ such that $a + (-a) = 0$
(inverse for addition)

$P_6$: $a \cdot b \in R$ (closed under multiplication)

$P_7$: $a \cdot (b \cdot c) = (a \cdot b) \cdot c$ (associative law for multiplication)

$P_8$: $a \cdot (b + c) = a \cdot b + a \cdot c$ and $(b + c) \cdot a = b \cdot a + c \cdot a$
(the two distributive laws)


2.1 Commutative Ring 

Note that postulates $P_1$ to $P_5$ require that R be a commutative
group under addition. If R further satisfies the following:

$P_9$: $a \cdot b = b \cdot a$ (commutative law for multiplication)

it is called a commutative ring. If the commutative ring contains
an identity or unity element for multiplication such that
$a \cdot e = e \cdot a = a$, then the ring is called a commutative ring with
unity (or identity) element.


2.2 Example: A Commutative Ring With a 
Unity Element 

Consider the set $R = \{0, 1, 2, 3, 4, 5\}$ (i.e., the elements of R
are the integers modulo 6) and the operations addition and
multiplication defined by $a + b$ (mod 6) and $a \cdot b$ (mod 6),
respectively. It is simple to show that the elements of R satisfy
postulates 1 to 9 and that R is a commutative ring with unity
element. The modulo arithmetic (see notes below) ensures that
the results of the operations remain within the group, i.e., it
ensures that the set is closed under addition and multiplication
($P_1$ and $P_6$).

Notes on Modulo Arithmetic 

In “modulo q arithmetic,” one can subtract q or a multiple
of q from the result without changing the result, e.g., for
q = 6, $5 \cdot 5 = 25 = 25 - 4 \cdot 6 = 1$ (mod 6).

Similarly, one can add q or any multiple of q to the result,
e.g., $1 - 5 = -4 = -4 + 6 = 2$ (mod 6). By so doing, the
operations addition and multiplication are warranted to be
“closed.”

If $a = b$ (mod p), $c = d$ (mod p), and m is any integer, then,

(1) $m \cdot a = m \cdot b$ (mod p)

(2) $a \pm c = b \pm d$ (mod p)

(3) $a/c = b/d$ (mod p)

But $n \cdot a = n \cdot b$ (mod p) need not imply $a = b$ (mod p)
unless n and p are relatively prime, for p may not divide $a - b$
if p divides n. For example, $3 \cdot 4 = 3 \cdot 9$ (mod 15) but $4 \ne 9$
(mod 15); however, $3 \cdot 4 = 3 \cdot 9$ (mod 5) does imply $4 = 9$
(mod 5) for (3,5) = 1.


3 Field 

A field is a commutative ring R with unity element in 
which every nonzero element has a multiplicative inverse. In 
other words, a commutative ring with unity element is called a 
field if the nonzero elements of R form a commutative group 
under multiplication. 

3.1 Order of a Field 

The order of a field is defined as the number of elements in
the field. If the order is infinite, the field is an infinite field.
Otherwise, the field is a finite field.


3.2 Example: A Field 

Let F be the set of integers modulo 7, i.e., F =
(0,1,2,3,4,5,6). Let the addition and multiplication operations
be defined as $a + b = c$ (mod 7) and $a \cdot b = c$ (mod 7),
respectively. It is easy to show that F is a commutative ring
with unity element 1. Also, every nonzero element has an
inverse element, as evidenced by

$1 \cdot 1 = 1$ (mod 7)

$2 \cdot 4 = 1$ (mod 7)

$3 \cdot 5 = 1$ (mod 7)

$4 \cdot 2 = 1$ (mod 7)

$5 \cdot 3 = 1$ (mod 7)

$6 \cdot 6 = 1$ (mod 7)

The nonzero elements (1,2,3,4,5,6) form a multiplicative
group.

3.3 Corollary 

Let I be a set of integers and let p be a prime; then the set
of integers modulo p (i.e., $0, 1, 2, \ldots, p - 1$) forms a finite or
Galois field of order p, denoted by GF(p). Using GF(p) as a
starting point, one can construct extension fields with $p^n$
elements (see Section 5.1). One of the fundamental theorems
of field theory states that GF(p) and $GF(p^n)$, where p is prime
and n is an integer, are the only possible finite fields (see Ref.
1, page 50).


3.4 Counter Example: To Show That the Set 
of Integers Modulo 6 Is Not a Field 

The ring R = (0,1,2,3,4,5) is not a finite field because some
of the nonzero elements in R do not have inverses. For
example, 2 does not have an inverse element, as evidenced by
multiplying 2 by all elements in R:

$2 \cdot 0 = 0$ (mod 6)

$2 \cdot 1 = 2$ (mod 6)

$2 \cdot 2 = 4$ (mod 6)

$2 \cdot 3 = 0$ (mod 6)

$2 \cdot 4 = 2$ (mod 6)

$2 \cdot 5 = 4$ (mod 6)

3.5 Examples: Finite Rings and Fields 

From Sections 2.2 and 3.2, one may generalize that the set 
of integers modulo any integer forms a finite ring. A set of 
integers modulo a prime number forms a finite field (see also 
Section 3.3). 
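
The inverse tables of Sections 3.2 and 3.4 and the cancellation rule in the notes on modulo arithmetic can be reproduced mechanically. The Python below is an added example, not part of the original report; the function names are chosen here for illustration, and cancel() goes beyond the 3 · 4 = 3 · 9 case in the text by returning the modulus for which cancellation is always valid.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse(a, n):
    """Multiplicative inverse of a modulo n, or None when none exists."""
    g, x, _ = egcd(a % n, n)
    return x % n if g == 1 else None


def inverse_table(n):
    """Map every nonzero residue modulo n to its inverse (None if it has none)."""
    return {a: inverse(a, n) for a in range(1, n)}


def zero_divisors(n):
    """Nonzero residues a with a*b = 0 (mod n) for some nonzero b."""
    return [a for a in range(1, n)
            if any(a * b % n == 0 for b in range(1, n))]


def is_field(n):
    """The integers modulo n form a field iff every nonzero residue is invertible."""
    return n > 1 and all(v is not None for v in inverse_table(n).values())


def cancel(n, a, b, m):
    """Given n*a = n*b (mod m), return the modulus m' = m / gcd(n, m)
    for which a = b (mod m') is guaranteed."""
    if (n * a - n * b) % m:
        raise ValueError("n*a and n*b are not congruent modulo m")
    return m // gcd(n, m)


if __name__ == "__main__":
    for n in (6, 7):
        print(n, "field" if is_field(n) else "ring only",
              inverse_table(n), "zero divisors:", zero_divisors(n))
    # The report's example: 3*4 = 3*9 (mod 15) only gives 4 = 9 (mod 5).
    print("cancelling 3 modulo 15 leaves modulus", cancel(3, 4, 9, 15))
```

For a prime modulus gcd(n, p) = 1 for every nonzero n, so cancel() returns p itself, which is the cancellation law that holds in a field.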
4 Summary of Relationships Between Different Algebraic Structures


Algebraic Structure (Ref. 1)


Properties 



One operation, say, closed; 
associative 


Also with identity element for 


Also with inverse for 


Also commutative for “+” 


With two operations “+” and 
a commutative group under “+” 

Also closed and associative under 
and are distributive 


Also commutative for 


Every nonzero element has multiplicative
inverse, i.e., $a^{-1}$ exists
and that $a a^{-1} = 1$, where 1 is the
identity (or unity) element for
multiplication


The number of elements in the field 
is finite 


$GF(p^m)$ = extension field
GF(p) = ground field,
where p is prime and m is an
integer. It can be shown that
$GF(p^m)$ are the only possible
finite fields (see Ref. 1)


Remarks 


Therefore, a ring is a commutative group 
under a semigroup under and 
and possess the distributive 
property” 


Therefore, a commutative ring with unity
element is a commutative group under
“+”; a monoid under

Therefore, a field is a commutative group
under addition and its nonzero elements
form a multiplicative group


5 Ground Field and Extension Field 

In Section 3.5, it was concluded that the set of integers
modulo a prime number is a finite field, GF(p). GF(p) is
referred to as the ground field and $GF(p^n)$ as the extension
field of GF(p), where n is an integer and p is a prime.

5.1 Construction of the Extension Field $GF(p^n)$,
Given the Ground Field GF(p)

Let p(x) be a monic irreducible polynomial (see notes
below) of degree n over GF(p), i.e.,

$p(x) = x^n + a_{n-1} x^{n-1} + a_{n-2} x^{n-2} + \cdots + a_0$

where

$a_{n-1}, a_{n-2}, \ldots, a_0 \in GF(p)$

A root, say, $\alpha$, of p(x) exists and can be found in the extension
field $GF(p^n)$. It can be shown that all elements in $GF(p^n)$
given by (see note below)

$\{a_{n-1} \alpha^{n-1} + a_{n-2} \alpha^{n-2} + a_{n-3} \alpha^{n-3} + \cdots + a_0 \alpha^0 \mid a_{n-1}, a_{n-2}, \ldots, a_0 \in GF(p)\}$   (1)

satisfy the definition of a field. In general, if p is a prime and n is
an integer, there always exists a Galois field of order $p^n$ (Ref. 2).

Thus, according to (1), the elements of $GF(p^n)$ can be
obtained by substituting into the polynomial
$a_{n-1} \alpha^{n-1} + a_{n-2} \alpha^{n-2} + a_{n-3} \alpha^{n-3} + \cdots + a_0 \alpha^0$
various values for $a_{n-1}$, $a_{n-2}$, etc. Since there are p elements in GF(p), there are “p”
different ways to assign a value to $a_{n-1}$, and similarly to $a_{n-2}$,
$a_{n-3}, \ldots, a_0$. Thus, there are $p^n$ different substitutions, yielding
the $p^n$ elements of $GF(p^n)$.

Notes: A monic nth degree polynomial is one in which the
coefficient of the highest degree term, $x^n$, is unity.

An irreducible polynomial is one which cannot be factorized
or one which contains no divisors except scalars
and scalar multiples of itself.

$A = \{a \mid a \text{ has property } P\}$ is a mathematical shorthand
which is interpreted as “A is the collection of
all elements a such that a has property P.”


5.2 Example: Construct $GF(2^3)$

Rather than establishing the validity of the procedure
described in Section 5.1, we shall illustrate it by an example.

Let p = 2 and n = 3. It is required to construct Galois field
$GF(2^3)$.

Since $p(x) = x^3 + x + 1$ is not zero over GF(2) (i.e., for x =
0 and x = 1, p(0) and p(1) are nonzero), p(x) is said to be
irreducible over GF(2). Thus, there exists an $\alpha \in GF(2^3)$ such
that $p(\alpha) = \alpha^3 + \alpha + 1 = 0$. Then, the set of elements of
$GF(2^3)$ is given by

$GF(2^3) = \{a_2 \alpha^2 + a_1 \alpha + a_0 \mid a_0, a_1, a_2 \in GF(2)\}$

Or, expanding this in full, the elements of $GF(2^3) = GF(8)$ are

$0\alpha^2 + 0\alpha + 0 = 0$
$0\alpha^2 + 0\alpha + 1 = 1$
$0\alpha^2 + 1\alpha + 0 = \alpha$
$0\alpha^2 + 1\alpha + 1 = \alpha + 1$
$1\alpha^2 + 0\alpha + 0 = \alpha^2$
$1\alpha^2 + 0\alpha + 1 = \alpha^2 + 1$
$1\alpha^2 + 1\alpha + 0 = \alpha^2 + \alpha$
$1\alpha^2 + 1\alpha + 1 = \alpha^2 + \alpha + 1$

5.3 Theorem: Existence of Primitive Element(s) 
and Associated Cyclic Group(s) 

There exists a primitive element $\alpha \in GF(p^n)$ that generates
the nonzero elements of $GF(p^n)$. The nonzero elements of
$GF(p^n)$ form a cyclic group of $p^n - 1$ elements.

5.4 Example 

From the example given in Section 5.2, we know that
$GF(2^3)$ is formed by

$GF(2^3) = \{(a_2 \alpha^2 + a_1 \alpha + a_0) \mid a_0, a_1, a_2 \in GF(2)\}$

where

$p(\alpha) = \alpha^3 + \alpha + 1 = 0$

This implies $\alpha^3 = -\alpha - 1 = \alpha + 1$. Let us start from an element
$\alpha \in GF(2^3)$. Then,

$\alpha^2 = \alpha \cdot \alpha = \alpha^2$

$\alpha^3 = \alpha^2 \cdot \alpha = -\alpha - 1 = \alpha + 1$

$\alpha^4 = \alpha^3 \cdot \alpha = (\alpha + 1)\alpha = \alpha^2 + \alpha$

$\alpha^5 = \alpha^4 \cdot \alpha = (\alpha^2 + \alpha)\alpha = \alpha^3 + \alpha^2 = \alpha + 1 + \alpha^2 = \alpha^2 + \alpha + 1$

$\alpha^6 = \alpha^5 \cdot \alpha = (\alpha^2 + \alpha + 1)\alpha = \alpha^3 + \alpha^2 + \alpha = \alpha + 1 + \alpha^2 + \alpha = \alpha^2 + 1$

$\alpha^7 = \alpha^6 \cdot \alpha = (\alpha^2 + 1)\alpha = \alpha^3 + \alpha = \alpha + 1 + \alpha = 1$

Thus, the nonzero elements of $GF(2^3)$ as obtained in Section
5.2 can be written in the form:

$(\alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^6, \alpha^7)$

or

$(\alpha, \alpha^2, \alpha + 1, \alpha^2 + \alpha, \alpha^2 + \alpha + 1, \alpha^2 + 1, 1)$

Hence, since $\alpha$ generates all the nonzero elements of $GF(2^3)$,
$\alpha$ is a primitive element of $GF(2^3)$ and $\alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^6, \alpha^7$
form a cyclic group* of $2^3 - 1$ elements in $GF(2^3)$.
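
The construction of Section 5.2 and the power table of Section 5.4 can be checked with carry-less (XOR) polynomial arithmetic. The Python below is an added example, not code from the report; elements are stored as 3-bit integers (bit i is the coefficient of alpha^i, an encoding assumed here), and the helper names are illustrative. It also tests irreducibility by trial division, which goes beyond the root test used in the text: the root test is sufficient only up to degree 3.

```python
P = 0b1011  # p(x) = x^3 + x + 1, the polynomial used in Section 5.2


def degree(f):
    return f.bit_length() - 1


def poly_mul(f, g):
    """Product of two polynomials over GF(2); addition of coefficients is XOR."""
    out = 0
    while g:
        if g & 1:
            out ^= f
        f <<= 1
        g >>= 1
    return out


def poly_mod(f, g):
    """Remainder of f divided by g over GF(2)."""
    while f and degree(f) >= degree(g):
        f ^= g << (degree(f) - degree(g))
    return f


def gf_mul(a, b, p=P):
    """Multiply two field elements, reducing with p(alpha) = 0."""
    return poly_mod(poly_mul(a, b), p)


def gf_inv(a, p=P):
    """a^(q-2) with q = 2^deg(p); valid because a^(q-1) = 1 for nonzero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    x = 1
    for _ in range((1 << degree(p)) - 2):
        x = gf_mul(x, a, p)
    return x


def powers_of(a, p=P):
    """a, a^2, a^3, ... up to and including the first power equal to 1."""
    if a == 0:
        raise ValueError("0 generates nothing")
    out, x = [], a
    while True:
        out.append(x)
        if x == 1:
            return out
        x = gf_mul(x, a, p)


def has_root_in_gf2(f):
    """f(0) is the constant term; f(1) is the parity of the number of terms."""
    return (f & 1) == 0 or bin(f).count("1") % 2 == 0


def is_irreducible(f):
    """Trial division by every polynomial of degree 1 .. deg(f) // 2."""
    top = 1 << (degree(f) // 2 + 1)
    return degree(f) >= 1 and all(poly_mod(f, g) for g in range(2, top))


def show(e):
    """Render a 3-bit element as a polynomial in alpha (written 'a')."""
    terms = [("1", "a", "a^2")[i] for i in (2, 1, 0) if e >> i & 1]
    return " + ".join(terms) or "0"


if __name__ == "__main__":
    for k, e in enumerate(powers_of(0b010), start=1):
        print(f"alpha^{k} = {show(e)}")
    # x^4 + x^2 + 1 = (x^2 + x + 1)^2 has no root in GF(2) yet is reducible.
    print(has_root_in_gf2(0b10101), is_irreducible(0b10101))
```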

5.5 Example: A Primitive Element Generating 
a Cyclic Subgroup 

Let GF(p) be the ground field. As mentioned in Section
5.3, there always exists a primitive element which generates
one cyclic subgroup of order $p - 1$. For example, let the
ground field be GF(7) = (0,1,2,3,4,5,6). It can be shown that
$\gamma = 3$ is a primitive element, and the cyclic subgroup generated
is

$G_{p-1} = G_6 = (1, 2, 3, 4, 5, 6)$

This is so because

$3^1 = 3$

$3^2 = 9 = 2$ (mod 7) $= 2$

$3^3 = 3 \cdot 3^2 = 3 \cdot 2 = 6$

$3^4 = 3 \cdot 6 = 4$

$3^5 = 5$

$3^6 = 1$

$G_{p-1} = G_6 = (3, 3^2, 3^3, 3^4, 3^5, 3^6 = 1)$, where 3 is a primitive
element in GF(7). Since 3 generates the cyclic subgroup of
order 6 of GF(7), it is also called the generator of $G_6$.

*Since $\alpha^7 = 1$, $\alpha^8 = \alpha \cdot \alpha^7 = \alpha$, $\alpha^9 = \alpha^7 \cdot \alpha^2 = \alpha^2$, etc. Thus, after the
first 7 elements, no new elements will be generated. In coding
terminology, if every cyclic shift of a code word gives another, the code is a
cyclic code (see Ref. 2, p. 124). By analogy, the group generated by $\alpha$
is referred to as the cyclic group.


5.6 Additional Examples: To Illustrate the Slight
Difference Between a Primitive Element
and a Generator of a Subgroup

In GF(7), 4 is a generator of a subgroup of order 3, but is
not a primitive element, as evidenced by the fact that

$4^1 = 4$

$4^2 = 2$

$4^3 = 1$

Once this point is reached, further multiplication of 4 by
itself will not generate any new elements since $4^4 = 4^3 \cdot 4 = 4$
(mod 7), $4^5 = 4^3 \cdot 4^2 = 2$ (mod 7), etc. Thus, 4 generates the
cyclic subgroup of order 3, $G_3 = \{4, 2, 1\}$.

However, 5 is a primitive element as evidenced by the fact
that:

$5^1 = 5$

$5^2 = 4$

$5^3 = 6$

$5^4 = 2$

$5^5 = 3$

$5^6 = 1$

Note: To evaluate $5^5$, make use of the fact that $5^4 = 2$ is
known.

Hence, $5^5 = 5 \cdot 5^4 = 5 \cdot 2 = 10 = 3$ in modulo 7
arithmetic.

To recap, a generator in GF(p) is one which generates a
cyclic subgroup of GF(p). The generator whose cyclic group is
of order $p - 1$ is called a primitive element of GF(p). An
additional example is given in Section 7.3.


5.7 The Number of Primitive Elements in GF(p) 

This section briefly shows how the number of primitive
elements in a given field GF(p) is calculated (see Ref. 3, pp. 23
and 47). It turns out that the number of primitive elements of
GF(p) is given by $\phi(p - 1)$, where $\phi(m)$ is called Euler’s $\phi$-function
and is defined as the number of positive integers less than
or equal to m that are relatively prime to m.

For example, consider GF(7) when p = 7 and $p - 1 = 6$.
Here, $\phi(6)$ is 2 since there are only two numbers which are
relatively prime to 6, namely, 1 and 5. It has been demonstrated
(Sections 5.5 and 5.6) heuristically that 3 and 5 are the only two
primitive elements in GF(7).


6 Definition of the Order of an Element 

Let $\gamma$ be a nonzero element in GF(p), and let d be the
smallest positive integer such that $\gamma^d = 1$. The order of $\gamma$ is then d.


6.1 Example: Primitive Element and Order of 
an Element 

It was shown in Section 5.5 that 5 is an element of GF(7)
of order 6 for $5^6 = 1$. Also, since the cyclic group of 5 is of
order $7 - 1 = 6$, 5 is a primitive element of GF(7). Further,
since $2^3 = 8 = 1$ (mod 7), 2 is an element of order 3.


7 Theorem on Cyclic Subgroups of a 
Given Field GF(p) 

The following theorem enables one to obtain all of the
cyclic subgroups of a given field GF(p). It states:

Let GF(p) be a finite field. If d divides $p - 1$, then GF(p)
has an element $\gamma$ of order d. This element $\gamma$ is a generator of
cyclic subgroup $G_d \subset GF(p)$, where $G_d = (\gamma, \gamma^2, \ldots, \gamma^d = 1)$.
(Note that the symbol $\subset$ means $G_d$ is a subset of GF(p), or $G_d$
is contained in GF(p)). Stated differently, the theorem says
that the order of every element must divide $p - 1$, where p is
the order of the group.

7.1 Example: Application of the Theorem Given 
in Section 7 

Consider GF(7) = (0,1,2,3,4,5,6). Since p = 7, $p - 1 = 6$.
Consider d = 3; since $(p - 1)/d = 6/3 = 2$, d divides $p - 1$, and
one can conclude from the above theorem that there exists a
subgroup $G_3$ of GF(7), i.e., $G_3$ is a subset of the elements of
GF(7).

7.2 Plausible “Proof” of the Theorem Given in 
Section 7 

Consider GF(p) which has a primitive element $\gamma$ such that

$\gamma^{p-1} = 1$   (2)

Also, let d divide $p - 1$ such that

$\frac{p - 1}{d} = m$ or $p - 1 = dm$   (3)

Substituting Eq. (3) into Eq. (2), we have

$\gamma^{p-1} = \gamma^{dm} = 1$ or $(\gamma^m)^d = 1$

Thus, there always exists an element $\gamma^m$ of order d. Also,
the element $\gamma^m$ will generate the cyclic subgroup $\{(\gamma^m)^1,
(\gamma^m)^2, (\gamma^m)^3, \ldots, (\gamma^m)^d\}$ of order d (since there are d
elements). Hence, the theorem in Section 7 is “proved.”

To further illustrate the use of the theorem, consider the
nonzero elements of GF(7) denoted by $G_6$:

$G_6 = (1, 2, 3, 4, 5, 6)$

$= (3, 3^2, 3^3, 3^4, 3^5, 3^6 = 1)$

For d = 3, since $(p - 1)/d = 6/3 = 2$, $\gamma^6 = \gamma^{3 \cdot 2} = (\gamma^2)^3 = 1$,
one can conclude that there exists a primitive element $\gamma^2 = 3^2$
of order 3 that generates the elements $((3^2)^1, (3^2)^2, (3^2)^3 = 1)$,
which constitute the subgroup $G_3$. Thus,

$G_d = G_3 = ((3^2)^1, (3^2)^2, (3^2)^3 = 1)$

$= (2, 2^2, 2^3 = 1)$ since $3^2 = 2$

Here, $\gamma = 2$ is called the element of the cyclic subgroup $G_3$
and since $\gamma^d = 2^3 = 1$, the order of $\gamma$ is 3.

7.3 Distinction Between a Primitive Element $\alpha$
and a Generator $\gamma$

Let $\alpha$ denote the primitive element that generates all of the
nonzero elements $(\alpha^1, \alpha^2, \ldots, \alpha^{p-1})$ of GF(p). The order of $\alpha$
is $p - 1$. Further, let $\gamma$ denote the generator of a subgroup $G_d$
of GF(p). If d divides $p - 1$, it was shown in Section 7.2 that
there exists an element $\gamma$ such that $\gamma^d = 1$, and such that $\gamma$ will
generate some of the elements of GF(p) but all of the elements
of $G_d$, i.e., $G_d = (\gamma, \gamma^2, \ldots, \gamma^d)$, where $G_d$ is a subgroup of
GF(p). Here, d is the order of the element $\gamma$, and also the
order of the subgroup $G_d$.


7.4 Different Terminology for $\gamma$

Element $\gamma$ has many names. It is referred to as:

(1) The generator of $G_d$, since $G_d = (\gamma, \gamma^2, \ldots, \gamma^d)$.

(2) The “dth root of unity,” since $\gamma^d = 1$ and, hence, $\gamma = \sqrt[d]{1}$.

(3) An element of order d, since d is the smallest positive
integer such that $\gamma^d = 1$.


7.5 Different Terminology for d 

Integer d has many names. It is referred to as:

(1) The order of the subgroup $G_d$, since $G_d$ has d elements.

(2) The order of the element $\gamma$, since $\gamma^d = 1$.

(3) The transform length, in the context of the study of 
“DFT over finite fields” (see Section 8 ). 
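
Sections 5.5 through 7.5 can be checked by brute force for any small prime. The Python below is an added example, not part of the original report; the function names are chosen here, and subgroup_generator() follows the construction of Section 7.2 under the assumption that its first argument is a primitive element.

```python
from math import gcd


def order(g, p):
    """Smallest positive d with g^d = 1 (mod p), for g nonzero modulo p."""
    if g % p == 0:
        raise ValueError("0 has no multiplicative order")
    d, x = 1, g % p
    while x != 1:
        x = x * g % p
        d += 1
    return d


def cyclic_subgroup(g, p):
    """(g, g^2, ..., g^d = 1), the subgroup G_d generated by g."""
    return [pow(g, k, p) for k in range(1, order(g, p) + 1)]


def euler_phi(m):
    """Count of integers 1..m that are relatively prime to m."""
    return sum(1 for k in range(1, m + 1) if gcd(k, m) == 1)


def elements_by_order(p):
    """Group the nonzero elements of GF(p) by their order."""
    table = {}
    for g in range(1, p):
        table.setdefault(order(g, p), []).append(g)
    return table


def primitive_elements(p):
    """Elements whose order is p - 1, i.e. generators of all nonzero elements."""
    return elements_by_order(p).get(p - 1, [])


def subgroup_generator(alpha, d, p):
    """Section 7.2: with alpha primitive and m = (p-1)/d, alpha^m has order d."""
    if (p - 1) % d:
        raise ValueError("d must divide p - 1")
    return pow(alpha, (p - 1) // d, p)


if __name__ == "__main__":
    p = 7
    print("orders:", elements_by_order(p))
    print("primitive:", primitive_elements(p), "phi(p-1) =", euler_phi(p - 1))
    g = subgroup_generator(3, 3, p)
    print("generator of G_3:", g, "subgroup:", cyclic_subgroup(g, p))
    # Every order that occurs divides p - 1, and every divisor occurs.
    print(sorted(elements_by_order(p)), [d for d in range(1, p) if (p - 1) % d == 0])
```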
Application of Finite Fields to Discrete
Fourier Transforms


Finite fields have applications in many areas of modern 
studies. Among them is the area of Fourier transforms (Refs. 
4-11). We shall now describe how finite fields are applied to 
the evaluation of Fourier transforms. 


8 The Discrete Fourier Transform Over 
a Finite Field GF(p) 

The discrete Fourier transform (DFT) of an integer
sequence $a_0, a_1, a_2, \ldots, a_{d-1}$ is defined with respect to $G_d$,
where $G_d$ is a subgroup of GF(p) (Refs. 4 and 5). The order d
of the subgroup $G_d$ determines the number of members in
sequence $a_n$ and is referred to as the transform length. Thus,
the DFT of sequence $a_n$ over $G_d$ of GF(p) is defined as

$A_k = \sum_{n=0}^{d-1} a_n \gamma^{nk}$, $0 \le k \le d - 1$   (4)

where

$a_0, a_1, a_2, \ldots, a_{d-1}$ is the given integer sequence whose
DFT is desired, and $a_n \in GF(p)$.

$\gamma$ is an element of GF(p) and is the generator of $G_d$ such
that $G_d = (\gamma^1, \gamma^2, \ldots, \gamma^d = 1)$.

d is the order of the element $\gamma$ and also the order of the
cyclic subgroup $G_d$ generated by $\gamma$, such that $\gamma^d = 1$,
and there are d elements in $G_d$. Here, d is referred to
as the transform length and determines the number of
members in sequence $a_n$ and in its transformed
sequence $A_k$.

$A_0, A_1, \ldots, A_{d-1}$ is the transform of $a_0, a_1, \ldots, a_{d-1}$,
and $A_k \in GF(p)$.

It can be shown (Ref. 7) that the inverse transform is given
by

$a_n = (d)^{-1} \sum_{k=0}^{d-1} A_k \gamma^{-nk}$, for $0 \le n \le d - 1$   (5)

where

$A_0, \ldots, A_{d-1}$ is the given transform, the inverse
transform of which is desired.

(d) is the residue of d modulo p; for d < p, (d) = d.

$(d)^{-1}$ is the inverse element of d.

If d is a power of two, it is well known (Refs. 6 and 7) that
the fast Fourier transform (FFT) algorithm can be utilized to
realize the needed transforms.


8.1 Choice of $\gamma$ and d

Considering how the transform and the inverse transform
are computed (see Eqs. 4 and 5), it is advantageous to choose
$\gamma = 2$ or a power of 2, with the order of $\gamma$ a power of 2, because
multiplication in these cases means “shifting” in actual logic
implementation, and the most efficient FFT algorithm can be
used to yield a fast transform.

Also, it is advantageous to choose d to be a power of 2.
This is because fast Fourier transform techniques can then be
applied. The reader is referred to Ref. 6 for further elucidation
on this point.

8.2 Finite Field With p Equal to a Fermat Prime 

A Fermat prime, $F_n$, is a prime number defined by

$F_n = 2^{2^n} + 1$, for n = 1, 2, 3, 4

We shall consider GF(p), where $p = F_n$. This is because the
values of $\gamma$ and d resulting from $GF(F_n)$ will have the desired
properties discussed in Section 8 (see Section 8.3).

8.3 To Show That $GF(F_n)$ Has an Element $\gamma = 2$
and That the Order of $\gamma$ Is a Power of 2

Let $\gamma \in GF(F_n)$ and d be a power of 2. There exists a
theorem (see Ref. 7) which states that if

$\gamma^{d/2} = -1$ (mod p)   (6)

then $\gamma$ is an element of order d.

Making use of this theorem, choosing $p = F_n$, since

$F_n = 2^{2^n} + 1$   (7)

$2^{2^n} = -1$ (mod $F_n$)   (8)

Comparing Eqs. (6) and (8), we have

$\gamma^{d/2} = 2^{2^n}$

where

$\gamma = 2$

and

$d = 2^{n+1}$

Hence, $GF(F_n)$ will have an element equal to 2, whose order
is $d = 2^{n+1}$. Also, $\gamma$ will generate a cyclic subgroup $G_d$ of
$GF(F_n)$, where


8.4 Example: A Finite Field With $\gamma = 2$, and d
Being a Power of 2

Consider n = 2, such that $F_n = 2^{2^2} + 1 = 17$. The theorem
predicts that there exists an element $\gamma = 2$ of order $2^{n+1} =
2^{2+1} = 8$; that this is so is evident by

$\gamma^d = 2^8 = 256$

Since 256/17 = 15 with a residue of 1,

$256 = 1$ (mod 17)

that is,

$\gamma^d = 2^8 = 1$ (mod 17)

Here, $\gamma$ (= 2) has order d (= 8) which is a power of 2. Also,

$G_d = G_{2^3} = G_8 = (2^1, 2^2, 2^3, \ldots, 2^7, 2^8 = 1)$


8.5 Example: To Obtain the DFT Over GF(5) of
the Sequence ($a_0 = 1$, $a_1 = 1$, $a_2 = 3$, $a_3 = 1$)

Since $2^{2^n} + 1 = 5$ for n = 1, 5 is a Fermat prime. We expect
$\gamma = 2$ to be a generator, and that it will have order $d = 2^{n+1} =
2^{1+1} = 4$. Also, $\gamma$ generates a cyclic subgroup $G_d = G_4 \subset
GF(5)$.

We shall proceed to obtain the DFT over $G_4$, which is a
cyclic subgroup of GF(5). Repeating Eq. (4),

$A_k = \sum_{n=0}^{d-1} a_n \gamma^{nk}$, $0 \le k \le d - 1$

for d = 4, $\gamma = 2$, $A_k = a_0 + a_1 2^k + a_2 2^{2k} + a_3 2^{3k}$.

Given $a_0 = 1$, $a_1 = 1$, $a_2 = 3$, $a_3 = 1$, the transform of this
integer sequence is

$A_0 = 1 + 1 + 3 + 1 = 6 = 1$ (mod 5)

$A_1 = 1 + 1 \cdot 2 + 3 \cdot 2^2 + 1 \cdot 2^3 = 3$ (mod 5)

$A_2 = 1 + 1 \cdot 2^2 + 3 \cdot 2^4 + 1 \cdot 2^6 = 2$ (mod 5)

$A_3 = 1 + 1 \cdot 2^3 + 3 \cdot 2^6 + 1 \cdot 2^9 = 3$ (mod 5)

For the above computation, we make use of the fact that $\gamma^d =
2^4 = 1$ to simplify the arithmetic.


8.6 Example: To Obtain the $DFT^{-1}$ (Inverse
Transform) of the Sequence ($A_0 = 1$, $A_1 = 3$,
$A_2 = 2$, $A_3 = 3$)

It is obvious that if the modulo arithmetic is performed
correctly, the inverse transform should be $a_0 = 1$, $a_1 = 1$, $a_2 =
3$, $a_3 = 1$.

Before substituting in Eq. (5) which is

$a_n = (d)^{-1} \sum_{k=0}^{d-1} A_k \gamma^{-nk}$, for $0 \le n \le d - 1$

it is necessary to evaluate $(d)^{-1}$, which is the inverse of d. For
$\gamma = 2$, $d = 2^2 = 4$,

$(d)^{-1} = 2^{-2}$

Since

$(d) \cdot (d)^{-1} = (2^2) \cdot (2^{-2}) = 1$

and

$(d)^{-1} = 2^{-2} = 2^{-2} \cdot 2^4 = 4 = -1$ (mod 5)

then

$(d)^{-1} = -1$ (mod 5)

Note: Since $\gamma^d = 1$, $2^4 = 1$. Also, $4 = -1$ in modulo 5
arithmetic.

Thus,

$a_n = -1 (A_0 + A_1 \cdot 2^{-n} + A_2 \cdot 2^{-2n} + A_3 \cdot 2^{-3n})$

$= -1 (1 + 3 \cdot 2^{-n} + 2 \cdot 2^{-2n} + 3 \cdot 2^{-3n})$,
for n = 0, 1, 2, 3

or

$a_0 = -(1 + 3 + 2 + 3) = -4 = 1$

$a_1 = -(1 + 3 \cdot 2^{-1} + 2 \cdot 2^{-2} + 3 \cdot 2^{-3})$

$= -(1 + 3 \cdot 2^3 + 2 \cdot 2^2 + 3 \cdot 2^1) = 1$

$a_2 = -(1 + 3 \cdot 2^{-2} + 2 \cdot 2^{-2 \cdot 2} + 3 \cdot 2^{-3 \cdot 2})$

$= -(1 + 3 \cdot 2^2 + 2 + 3 \cdot 2^2) = 3$

$a_3 = -(1 + 3 \cdot 2^{-3} + 2 \cdot 2^{-2 \cdot 3} + 3 \cdot 2^{-3 \cdot 3})$

$= -(1 + 3 \cdot 2 + 2 \cdot 2^2 + 3 \cdot 2^3) = 1$

Hence,

$(a_0, a_1, a_2, a_3) = (1, 1, 3, 1)$

Note: For the above computation, again, we use the fact that
$2^{-n} = 2^{-n} \cdot 2^4$. This is because $\gamma^d = 2^4 = 1$ (mod 5).

9 Convolution Over $GF(F_n)$

Let $a_0, a_1, \ldots, a_{d-1}$ and $b_0, b_1, \ldots, b_{d-1}$ be two sequences of
integers (where d will later be referred to as the transform
length). The discrete convolution is defined as

$c_p = \sum_{n=0}^{d-1} a_n b_{(p-n)}$, $p = 0, 1, 2, \ldots, d - 1$   (9)

where $(p - n)$ denotes the residue of $p - n$ modulo d.

9.1 Example: Direct Evaluation of the 
Convolution 

Let $a_0 = 1$, $a_1 = 1$, $a_2 = 0$, $a_3 = 0$ and $b_0 = 1$, $b_1 = 1$, $b_2 =
0$, $b_3 = 0$.

Compute the discrete convolution.

$c_p = \sum_{n=0}^{4-1} a_n b_{(p-n)}$, where d = 4

or

$c_p = a_0 b_{(p-0)} + a_1 b_{(p-1)} + a_2 b_{(p-2)} + a_3 b_{(p-3)}$,
for p = 0, 1, 2, 3

or

$c_0 = a_0 b_{(0)} + a_1 b_{(-1)} + a_2 b_{(-2)} + a_3 b_{(-3)}$

$= a_0 b_0 + a_1 b_3 + a_2 b_2 + a_3 b_1$

(Note that $b_{(-n)} = b_{(d-n)}$; hence, $b_{(-1)} = b_3$.)

$= 1 \cdot 1 + 1 \cdot 0 + 0 \cdot 0 + 0 \cdot 1 = 1$

$c_1 = a_0 b_{(1)} + a_1 b_0 + a_2 b_{(-1)} + a_3 b_{(-2)}$

$= a_0 b_1 + a_1 b_0 + a_2 b_3 + a_3 b_2$

$= 1 \cdot 1 + 1 \cdot 1 + 0 \cdot 0 + 0 \cdot 0 = 2$

$c_2 = a_0 b_2 + a_1 b_{(1)} + a_2 b_0 + a_3 b_{(-1)}$

$= a_0 b_2 + a_1 b_1 + a_2 b_0 + a_3 b_3$

$= 1 \cdot 0 + 1 \cdot 1 + 0 \cdot 1 + 0 \cdot 0 = 1$

$c_3 = a_0 b_3 + a_1 b_2 + a_2 b_1 + a_3 b_0$

$= 1 \cdot 0 + 1 \cdot 0 + 0 \cdot 1 + 0 \cdot 1 = 0$

Hence,

$c_0 = 1$, $c_1 = 2$, $c_2 = 1$, $c_3 = 0$


9.2 Evaluation of the Convolution by the Discrete
Fourier Transform Method

The discrete convolution of sequences $a_n$ and $b_n$ can be
computed by DFT over $GF(F_n)$. To do this, we compute the
discrete Fourier transform over $GF(F_n)$ of sequences $a_n$ and
$b_n$, respectively, i.e.,

$A_k = \sum_{n=0}^{d-1} a_n \gamma^{nk}$

and

$B_k = \sum_{n=0}^{d-1} b_n \gamma^{nk}$

Let

$C_k = A_k \cdot B_k$

It can be shown that the discrete convolution over $GF(F_n)$ can
be obtained by taking the inverse transform of $C_k$, i.e.,

$c_p = (d)^{-1} \sum_{k=0}^{d-1} C_k \gamma^{-kp} = \sum_{n=0}^{d-1} a_n b_{(p-n)}$


9.3 Determination of the Dynamic Range

In order to avoid overflow (i.e., to avoid $c_p$ assuming
integer values outside of that allowed by $GF(F_n)$), it is
necessary to keep

$-\frac{F_n - 1}{2} \le c_p \le \frac{F_n - 1}{2}$

To achieve this, limits have to be imposed on sequences $a_n$ and
$b_n$. Since

$|c_p| \le \left| \sum_{n=0}^{d-1} a_n b_{(p-n)} \right| \le \sum_{n=0}^{d-1} |a_n| \, |b_{(p-n)}| \le \frac{F_n - 1}{2}$   (10)

$|a_n| \le A$, $|b_n| \le B$, for $n = 0, 1, \ldots, d - 1$

If A = B, then

where [x] denotes the greatest integer less than x, and A is
called the dynamic range.

Therefore, if

$-A \le a_n, b_n \le A$, for $n = 0, 1, 2, \ldots, d - 1$


9.4 Example: Computation of Convolution of
DFT and Determination of the
Dynamic Range

Let $a_0 = 1$, $a_1 = 1$, $a_2 = 0$, $a_3 = 0$ and $b_0 = 1$, $b_1 = 1$, $b_2 =
0$, $b_3 = 0$. Compute the discrete convolution by using DFT
over $GF(2^2 + 1)$.

Since $F_1 = 2^{2^1} + 1 = 5$, the dynamic range is

Note: Although d = 4, we use an “effective d = 2.” This is
because the two given sequences $a_n$ and $b_n$ possess
zeros in the last two terms. It is obvious, by studying
Eq. (10), for example, that zeros in $a_n$ and $b_n$ will
reduce the number of terms. In general, if the number
of nonzero elements in $a_n$ and $b_n$ are $n_a$ and $n_b$, the
“effective d” is equal to the larger of $n_a$ and $n_b$.

Hence,

$-1 \le a_n, b_n \le 1$, for n = 0, 1, 2, 3   (11)

and

$|c_p| \le \frac{5 - 1}{2}$   (12)

The given sequences $a_n$ and $b_n$ are seen to satisfy the
constraint (11).

The DFT over GF(5) of $a_n$ are

$A_k = \sum_{n=0}^{3} a_n 2^{nk} = a_0 + a_1 2^k + a_2 2^{2k} + a_3 2^{3k}$

where 2 is an element of order 4 in GF(5). It follows that $A_k =
1 + 1 \cdot 2^k$ and $A_0 = 1 + 1 \cdot 2^0 = 2$, $A_1 = 1 + 2 = 3$, $A_2 = 1 -
1 = 0$, $A_3 = 1 + 3 = 4$.

Similarly, the DFT of sequence $b_n$ is

$B_0 = 2$, $B_1 = 3$, $B_2 = 0$, $B_3 = 4$

But

$C_k = A_k \cdot B_k$

Therefore, the DFT of the convolution modulo 5 is

$C_0 = 4$, $C_1 = 4$, $C_2 = 0$, $C_3 = 1$

The inverse transform of $C_k$ is

$c_k = (d)^{-1} \sum_{n=0}^{d-1} C_n \gamma^{-nk}$

$= -1 (C_0 + C_1 2^{-k} + C_2 2^{-2k} + C_3 2^{-3k})$

$= -(4 + 4 \cdot 2^{-k} + 2^{-3k})$, for k = 0, 1, 2, 3

or

$c_0 = -(4 + 4 + 1) = 1$

$c_1 = -(4 + 4 \cdot 2^{-1} + 2^{-3}) = -(1 + 2) = 2$

$c_2 = -(4 + 4 \cdot 2^{-2} + 2^{-6}) = -(4 + 1 + 2^2) = 1$

$c_3 = -(4 + 4 \cdot 2^{-3} + 2^{-9}) = -(4 + 4 \cdot 2 + 2^3)$

$= -(4 + 3 + 3) = 0$

It is seen that the values of $c_n$’s remain within the dynamic
range specified by (12).
Note: In the above computation, the usual tricks in finite
field arithmetic have been used, namely,

(1) Adding to or subtracting from the result by
“multiples of 5 = 0 (mod 5).”

(2) Multiplying the result by $\gamma^d = 2^4 = 1$ (mod 5)
to get an appropriate finite field element.

This is done “to bring the result of the computation
to within the field.”
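
The transforms of Sections 8.5 and 8.6 and the two convolution methods of Sections 9.1 and 9.4 can be run side by side. The Python below is an added example, not part of the original report; the function names are chosen here, and centered() assumes residues are read back as signed values in the symmetric range around zero. The last case uses inputs constructed here to show what overflow of the dynamic range looks like: the same convolution is wrong over GF(5) and correct over GF(17).

```python
def check_order(gamma, d, p):
    """A length-d transform needs gamma of order exactly d in GF(p)."""
    if pow(gamma, d, p) != 1 or any(pow(gamma, k, p) == 1 for k in range(1, d)):
        raise ValueError(f"{gamma} does not have order {d} modulo {p}")


def dft(a, p, gamma):
    """Eq. (4): A_k = sum_n a_n * gamma^(n*k) over GF(p), d = len(a)."""
    d = len(a)
    check_order(gamma, d, p)
    return [sum(a[n] * pow(gamma, n * k, p) for n in range(d)) % p
            for k in range(d)]


def idft(A, p, gamma):
    """Eq. (5): a_n = d^-1 * sum_k A_k * gamma^(-n*k) over GF(p)."""
    d = len(A)
    check_order(gamma, d, p)
    d_inv = pow(d % p, p - 2, p)      # inverse of d by Fermat's little theorem
    g_inv = pow(gamma, p - 2, p)      # gamma^-1
    return [d_inv * sum(A[k] * pow(g_inv, n * k, p) for k in range(d)) % p
            for n in range(d)]


def cyclic_convolution(a, b):
    """Eq. (9) over the integers: c_p = sum_n a_n * b_((p-n) mod d)."""
    d = len(a)
    return [sum(a[n] * b[(i - n) % d] for n in range(d)) for i in range(d)]


def convolution_by_dft(a, b, p, gamma):
    """Section 9.2: transform both sequences, multiply pointwise, invert."""
    C = [x * y % p for x, y in zip(dft(a, p, gamma), dft(b, p, gamma))]
    return idft(C, p, gamma)


def centered(c, p):
    """Read residues 0..p-1 as signed values in -(p-1)/2 .. (p-1)/2."""
    return [x - p if x > (p - 1) // 2 else x for x in c]


if __name__ == "__main__":
    print(dft([1, 1, 3, 1], 5, 2), idft([1, 3, 2, 3], 5, 2))
    a = b = [1, 1, 0, 0]
    print(cyclic_convolution(a, b), convolution_by_dft(a, b, 5, 2))
    # Constructed overflow case: the true result (4, 8, 4, 0) does not fit
    # in -2..2, so GF(5) returns wrapped values; GF(17) with gamma = 4 fits.
    a = b = [2, 2, 0, 0]
    print(cyclic_convolution(a, b),
          centered(convolution_by_dft(a, b, 5, 2), 5),
          centered(convolution_by_dft(a, b, 17, 4), 17))
```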


10 Arithmetic Operations Needed to
Compute DFT Over $GF(F_n)$

The arithmetic operations needed are:

(1) Negation modulo $F_n$

(2) Integer addition modulo $F_n$

(3) Multiplication modulo $F_n$

(4) Multiplication by power of 2

We shall illustrate the algorithms by examples.

Consider $GF(F_1) = GF(2^2 + 1)$; a 3-bit word length is
required to represent all the $2^2 + 1$ elements. In general, for
$GF(F_n) = GF(2^{2^n} + 1)$, $2^n + 1$ bits are required to represent
all of the $2^{2^n} + 1$ elements. (Note that if there are $2^{2^n}$
elements, $2^n$ bits are required, and there is no unused state.
Since there are $2^{2^n} + 1$ elements, the extra element calls for
one additional bit, with $2^{2^n + 1} - 2^{2^n} - 1$ unused states.)

10.1 Negation Modulo $F_n$

The problem can be stated as follows: Given an element
“a” in $GF(F_n)$, what is the procedure (or algorithm) for
computing “-a”?

Solution: Consider the specific example a = 2 such that $2 \in
GF(5)$. -2 can be computed by subtracting 2 from 5, i.e., $-2
= 5 - 2 = 3$.

Hence, the algorithm is: Given $a \in GF(F_n)$, to obtain -a,
use the property that $-a = F_n - a$.

10.2 Addition Modulo $F_n$

The problem can be stated as follows: Given elements $a, b \in
GF(F_n)$, what is the algorithm for computing (a + b) modulo
$F_n$?

Solution: Consider the specific example a = 3, b = 4, $F_n =
F_1 = 5$.

In modulo arithmetic 3 + 4 = 7 = 2 (mod 5). The algorithm
may be illustrated as follows:

                       $2^3$  $2^2$  $2^1$  $2^0$

a = 3                         0      1      1

+ b = 4                       1      0      0

c = 7 = 2 (mod 5)             0      1      0

Thus, the algorithm is: if the $2^2$th bit is a 1 (and the $2^1$th
bit and $2^0$th bit are both not equal to zero), discard the 1 in
the $2^2$-bit position, and subtract 1 from the $2^0$-bit position.
The above parenthesized condition helps to exclude the case
of 100 when a modulo operation is not needed.

Justification for the algorithm: When the number is 5 or
more, “discarding the 1 in the $2^2$-bit position and subtracting
1 from the $2^0$-bit position” is equivalent to subtracting $2^2 = 4$
and then $2^0 = 1$ from the result, i.e., subtracting a total of 5.

Generalized algorithm: To perform modulo $F_n$ addition, let
m = n + 1. If the $2^m$-bit position is a 1 (and at least one other
bit position is a 1), discard the 1 in the $2^m$-bit position, and
subtract 1 from the $2^0$-bit position.

10.3 Multiplication Modulo $F_n$

The problem can be stated as follows: Given $a, b \in GF(F_n)$,
what is the algorithm for computing $a \cdot b$ modulo $F_n$?

Solution: As before, perform the binary multiplication and do
a modulo $F_n$ arithmetic. For $F_n = 5$, discard the 1 in the
$2^2$-bit position and subtract 1 from the least significant
position, e.g.,

                          2^2  2^1  2^0

    a = 3                  0    1    1
    b = 2                  0    1    0
    -----------------------------------
    a · b (mod 5) = 1      0    0    1
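
The rules of Sections 10.1 to 10.3, together with the shift-based multiplication by powers of 2 taken up in Section 10.4, as an added Python example (not code from the report). The function names are assumptions of this example; `reduce` generalizes the bit rule by applying $2^{2^n} \equiv -1 \pmod{F_n}$ to every chunk of $2^n$ bits, which also covers the sum 4 + 4 = 8 in GF(5), where it is the $2^3$ bit that is set.

```python
# Added example: arithmetic modulo F_n = 2^(2^n) + 1 with shifts and masks only.

def fermat(n):
    """Return (F_n, b): the Fermat number and b = 2^n, the index of its top bit."""
    b = 1 << n
    return (1 << b) + 1, b

def reduce(x, n):
    """Reduce a non-negative integer x modulo F_n without dividing.

    Because 2^b = -1 (mod F_n), the b-bit chunks of x carry alternating
    signs: x = x0 - x1 + x2 - ... (mod F_n). For F_1 = 5 this is the rule
    "discard the 1 in the 2^2 position and subtract 1".
    """
    F, b = fermat(n)
    mask = (1 << b) - 1
    acc, sign = 0, 1
    while x:
        acc += sign * (x & mask)
        x >>= b
        sign = -sign
    while acc < 0:            # bring the small signed total into 0 .. F_n - 1
        acc += F
    while acc >= F:
        acc -= F
    return acc

def neg(a, n):
    """Section 10.1: -a = F_n - a (and -0 = 0)."""
    F, _ = fermat(n)
    return 0 if a == 0 else F - a

def add(x, y, n):
    """Section 10.2. The sum reaches 2^(b+1) only for (F_n - 1) + (F_n - 1);
    reduce() handles that case along with the ordinary ones."""
    return reduce(x + y, n)

def mul(x, y, n):
    """Section 10.3: binary multiplication followed by the same reduction."""
    return reduce(x * y, n)

def mul_pow2(a, m, n):
    """Section 10.4: a * 2^m is a left shift by m positions. 2 has order
    2^(n+1) modulo F_n, so m is first taken modulo 2^(n+1); this also
    covers negative m."""
    _, b = fermat(n)
    return reduce(a << (m % (2 * b)), n)
```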
10.4 Multiplication by Powers of 2 in Modulo $F_n$ Arithmetic

The problem can be stated as follows: Given that "a"
belongs to $GF(F_n)$ and any integer m, what is the algorithm
for computing $a \cdot 2^m$ modulo $F_n$?

Solution: Let a = 3, m = 2, n = 1.

For a = 3, $a \cdot 2^m$ is equivalent to shifting left by
m positions.

The explanation is as follows: Since

$$2^2 \equiv -1 \pmod 5$$

$$2^3 \equiv -2 \pmod 5$$

discarding the 1 in the $2^2$th position and minus 1 is equivalent
to taking a modulo 5. Similarly, discarding a 1 in the $2^3$th
position and minus 2 is also equivalent to taking a modulo 5.

11 Extension of the Dynamic Range of $c_n$* Using the Chinese Remainder Theorem

Section 9.3 shows that to avoid "overflow," i.e., to avoid
$|c_n|$'s exceeding $(F_n - 1)/2$, $|a_n|$'s and $|b_n|$'s are kept below the
value

Conversely, if $|a_n|$'s and $|b_n|$'s exceed A, the $|c_n|$'s will exceed
its dynamic range $(F_n - 1)/2$. In order to preserve precision, it
is often necessary to extend the dynamic range for the $c_n$'s.

The method for increasing the dynamic range for the $c_n$'s
(Ref. 8) is as follows: Obtain the convolutions of the $a_n$'s and
$b_n$'s twice, once over the finite field $GF(F_n)$ and once over
the finite field $GF(F_m)$, where $m \ne n$. It can be shown that
the convolution of the two sequences $(C_0)_1, (C_1)_1, \ldots, (C_d)_1$
and $(C_0)_2, (C_1)_2, \ldots, (C_d)_2$ over the ring $R(F_n \cdot F_m)$, denoted
by $C_0, C_1, \ldots, C_d$, can be computed using the Chinese
Remainder Theorem (see Ref. 3, p. 31). The dynamic range is
now from "zero to $F_n \cdot F_m - 1$."

*$c_n$ is the convolution of two sequences $a_n$ and $b_n$.

11.1 The Chinese Remainder Theorem

This theorem provides an efficient method for solving a
certain kind of problem, e.g., find x given that the remainders
are 1 and 2 when x is divided by 3 and 4, or find all integers
that have remainders 1 or 2 when they are divided by each of
3, 4, and 5 (see Ref. 3, p. 31).

The theorem states: Let $p_1, p_2, p_3, \ldots, p_k$ be integers
which are relatively prime in pairs (i.e., taking any two numbers
in the list, say, $p_i$ and $p_j$, there is no common factor between
$p_i$ and $p_j$ other than 1, e.g., $p_i = 8$, $p_j = 9$ are relatively prime,
although 8 and 9 themselves are not prime numbers). Also, let

$$P = p_1 p_2 p_3 \cdots p_k = p_1 m_1 = p_2 m_2 = \cdots = p_k m_k$$

If

$$x \equiv c_1 \pmod{p_1}$$

$$x \equiv c_2 \pmod{p_2}$$

$$\vdots$$

$$x \equiv c_k \pmod{p_k}$$

the solution for x, which lies in the range

$$0 \le x < p_1 p_2 \cdots p_k$$

is

$$x = \sum_{i=1}^{k} c_i m_i m_i^{-1}$$

where $m_i^{-1}$ satisfies the relation $m_i m_i^{-1} \equiv 1$ modulo $p_i$ for
$i = 1, 2, \ldots, k$.

11.2 Example: Application of the Chinese Remainder Theorem

Given $x \equiv 2$ modulo 3 and $x \equiv 1$ modulo 5, find $x \equiv a$
modulo $(3 \cdot 5)$.

Solution: By the Chinese Remainder Theorem, we have

$$x = \sum_{i=1}^{2} c_i m_i m_i^{-1} = c_1 m_1 m_1^{-1} + c_2 m_2 m_2^{-1}$$

$$= 2 m_1 m_1^{-1} + m_2 m_2^{-1}$$

For $m_1 = 5$ and $m_2 = 3$, since

$$m_1 m_1^{-1} \equiv 1 \pmod{p_1}$$

so that

$$5 m_1^{-1} \equiv 1 \pmod 3$$

we get

$$m_1^{-1} = 5^{-1} \equiv 2 \pmod 3$$

using the Fermat theorem in Section 11.4. Similarly,

$$m_2^{-1} = 3^{-1} \equiv 2 \pmod 5$$

Hence,

$$x = 2 \cdot 5 \cdot 2 + 1 \cdot 3 \cdot 2 = 26 \equiv 11 \pmod{3 \cdot 5}$$


11.3 Example: To Illustrate How the Dynamic Range of the Convolution of Two Sequences Can be Extended

Problem: Let $a_0 = 4$, $a_1 = 0$, $b_0 = 2$, $b_1 = 0$ be two given
sequences. Compute the convolutions of $a_n$ and $b_n$ using DFT
over GF(3) and GF(5).

Solution: Let us first compute the convolutions $c_0$, $c_1$
directly without using DFT. From

$$c_p = \sum_{n=0}^{J-1} a_n b_{(p-n)}$$

$$c_0 = a_0 b_0 + a_1 b_{-1} = 8, \text{ for } J = 2, p = 0$$

(note $b_{-1} = b_1$, see Section 9.1)

$$c_1 = a_0 b_1 + a_1 b_0 = 0, \text{ for } J = 2, p = 1$$

It is seen that $0 \le c_0, c_1 \le 14$, i.e., the dynamic range of
the $c_p$'s is from 0 to 14. To obtain the convolution using DFT
over GF(3) only or using DFT over GF(5) only would not be
good enough since the required dynamic range exceeds that
provided by GF(3) and GF(5).

In order to get the required dynamic range, one should use
DFT over a Galois Field of order 15; but 15 is not prime and
no such Galois Field exists. To overcome this problem, we
obtain two convolutions, one over GF(3) and another one
over GF(5), and then use the Chinese Remainder Theorem to
compute $c_0$ and $c_1$. The direct sum of Galois fields GF(3) and
GF(5) is isomorphic to the ring R(15).*

It can be shown that the convolutions over GF(3) are:

$$(c_0)_3 \equiv 2 \pmod 3$$

$$(c_1)_3 \equiv 0 \pmod 3$$

and the convolutions over GF(5) are:

$$(c_0)_5 \equiv 3 \pmod 5$$

$$(c_1)_5 \equiv 0 \pmod 5$$

Using the Chinese Remainder Theorem,

$$c_0 = 2 \cdot 5 \cdot 2 + 3 \cdot 3 \cdot 2 = 38 \equiv 8 \pmod{15}$$

$$c_1 = 0 \cdot 5 \cdot 2 + 0 \cdot 3 \cdot 2 \equiv 0 \pmod{15}$$

Since the last step uses "modulo 15" arithmetic, and 15 is
not prime, we say that we have performed a convolution using
DFT defined over the ring R(15).

*This follows from a theorem given in Ref. 12 which states: Let $q_i$ be
any prime and $q = q_1 \cdot q_2 \cdots q_r$. Further, suppose $d \mid q_i - 1$ for all i.
Then, a d-point transform on ring R(q) and its inverse transforms exist.
The inverse of the above is also true.
11.4 Fermat's Theorem

For every integer a and a prime p, if p is relatively prime to
a, then $a^{p-1} \equiv 1 \pmod p$ or $a^{-1} \equiv a^{p-2} \pmod p$.

If $a \in GF(p)$, it can be shown that $a^{-1} = a^{p-2}$. Thus, given
5 in GF(3), $5^{-1} = 5^{3-2} = 5 \equiv 2 \pmod 3$.

Proof: If $a \in GF(p)$,

$$a^{p-1} \equiv 1 \pmod p$$

$$a a^{p-2} \equiv 1 \pmod p$$

But

$$a a^{-1} \equiv 1 \pmod p$$

Hence,

$$a^{-1} \equiv a^{p-2} \pmod p$$
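
The Chinese Remainder Theorem of Section 11.1, the worked residues of Section 11.2 and the dynamic range extension of Section 11.3 in one added Python example (not code from the report). Function names are assumptions of this example; inverses are taken with Python's built-in `pow(m, -1, p)` (Python 3.8 or later), which for a prime p agrees with the Fermat inverse $m^{p-2}$ of Section 11.4.

```python
from math import gcd

def crt(residues, moduli):
    """Solve x = c_i (mod p_i) with x = sum c_i * m_i * m_i^-1, reduced mod P.

    m_i = P / p_i and m_i^-1 is its inverse modulo p_i. For a prime p_i that
    inverse equals m_i^(p_i - 2) by Fermat's theorem (Section 11.4).
    """
    for i, p in enumerate(moduli):
        if any(gcd(p, q) != 1 for q in moduli[i + 1:]):
            raise ValueError("moduli must be relatively prime in pairs")
    P = 1
    for p in moduli:
        P *= p
    x = 0
    for c, p in zip(residues, moduli):
        m = P // p
        x += c * m * pow(m, -1, p)
    return x % P

def element_of_order(d, p):
    """Smallest element of GF(p) whose multiplicative order is exactly d."""
    for g in range(2, p):
        if pow(g, d, p) == 1 and all(pow(g, e, p) != 1 for e in range(1, d)):
            return g
    raise ValueError(f"GF({p}) has no element of order {d}")

def dft(seq, g, p):
    """Length-d transform over GF(p): A_k = sum_n a_n g^(n k)."""
    d = len(seq)
    return [sum(a * pow(g, n * k, p) for n, a in enumerate(seq)) % p
            for k in range(d)]

def cyclic_convolution(a, b, p):
    """Cyclic convolution over GF(p): DFT, pointwise product, inverse DFT."""
    d = len(a)
    g = element_of_order(d, p)
    C = [x * y % p for x, y in zip(dft(a, g, p), dft(b, g, p))]
    return [pow(d, -1, p) * c % p for c in dft(C, pow(g, -1, p), p)]

def extended_convolution(a, b, primes):
    """Convolve over each GF(p), then recombine every term with the CRT."""
    per_field = [cyclic_convolution(a, b, p) for p in primes]
    return [crt(list(r), primes) for r in zip(*per_field)]
```

With a = (4, 0) and b = (2, 0), `extended_convolution(a, b, [3, 5])` recovers the terms 8 and 0, which neither GF(3) nor GF(5) can represent alone.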
Application of Finite Fields to Reed-Solomon Coding


Another important area of application of finite fields is
coding. Since Reed-Solomon (RS) codes are of increasing
importance in modern deep space telecommunication, this
section is devoted to the study of these codes, employing
finite fields and fast Fourier transforms.


12 Application of Fermat Theoretic Transform to the Decoding of Reed-Solomon Code

12.1 Reed-Solomon Code

We shall summarize some of the basic ideas pertaining to
the Reed-Solomon code (Ref. 9).

(1) The RS code is a block code (as opposed to being a
convolutional code).

(2) An RS codeword will consist of I information or message
symbols, together with P parity or check symbols.
The word length is N = I + P.

(3) The symbols in an RS codeword are usually not binary,
i.e., each symbol is represented by more than one bit.
In fact, a favorite choice is to use 8-bit symbols. This is
related to the fact that most computers have word
length of 8 bits or multiples of 8 bits.

(4) A multi-bit symbol is the information unit in an RS
code. Each symbol may be corrupted at a single bit
position or by a burst of bit-errors affecting many bit
positions. In the latter case if the corrupted symbol is
corrected, the RS code is seen to be correcting a burst
of bit-errors. This suggests that the RS code has the
"built-in potential" of correcting burst errors.

(5) In order to be able to correct "t" symbol errors, the
minimum distance of the codewords "D" is given by
D = 2t + 1. For multi-bit symbol sequences, the "distance"
between two symbol sequences equals the number
of symbol positions at which the two sequences
differ; for example, the distance between the sequences
2,4,3,4 and 2,0,3,4 is one. Note that each symbol is
denoted by a decimal representation.

If the minimum distance of an RS code is D, and the
word length is N, then the number of message symbols
I in a word is given by

I = N - (D - 1)

Combining with the formula given in paragraph (2),
above, P = D - 1.

An example of the structure of a code word in a
practical RS code is as follows:

    1                                   223                   255
    |<------ 223 message symbols ------>|<- 32 parity symbols ->|

Each symbol consists of 8 bits. Thus, each codeword
has 255 symbols, or 255 · 8 bits, consisting of 223 · 8
message bits and 32 · 8 check bits. This code is capable
of correcting 16 symbol errors.
12.2 Relationships Between RS Decoding and Finite Field $GF(F_n)$

It will be seen later that one of the steps in the decoding of
the RS code is "the computation of the syndromes," and this
step is identical to obtaining the DFT of a sequence defined in
Section X.

Also, this step is very time-consuming, and RS decoding
will be greatly accelerated if the discrete Fourier transform
techniques applied to obtain the DFT of a sequence (as
described in Sections 8.1 to 8.4) are applied to "the computation
of the syndromes." Section 8.2 concludes that in order
to apply discrete Fourier transform techniques, the elements
of the sequence must belong to $GF(F_n)$ where $F_n = 2^{2^n} + 1$
such that

• There exists a generator element $\gamma = 2$.

• The order of the element d (given by $\gamma^d = 1$) is a power
of 2.

It follows from the above discussion that certain "parameters"
of the RS code must be related to the "parameters" of
$GF(F_n)$ if the DFT techniques are to be applicable. The
required relationships are summarized as follows:

(1) The symbols used in the RS code must be elements of
$GF(F_n)$, where $F_n = 2^{2^n} + 1$.

(2) It is convenient to choose the codeword length N to be
equal to the order of the element $\gamma = 2$, i.e., choose
$N = d = 2^{n+1}$. This is because $GF(2^{2^n} + 1)$ will always have
a generator element $\gamma$ equal to 2 (see Section 8.2).
Also, since $2^{2^n} + 1 = F_n$,

$$2^{2^n} \equiv -1 \pmod{F_n}$$

$$(2^{2^n})^2 \equiv 1 \pmod{F_n}$$

$$2^{2^{n+1}} \equiv 1 \pmod{F_n}$$

and, finally,

$$d = 2^{n+1}$$

Note that in DFT terminology, d is also the transform
length (see Section 7.3).

(3) The number of bits needed to represent a symbol is
determined by the number of different symbols used,
which, by (1), is equal to $2^{2^n} + 1$. Therefore, for
$F_n = 2^{2^n} + 1$, the number of bits/symbol is $2^n + 1$ (see also
Section 10).

12.3 To Construct an RS Code of Wordlength Equal to 8 Symbols, and Capable of Correcting 2 Symbol Errors

It follows from 12.2(2) that $N = d = 8 = 2^{n+1}$. Hence, we
shall choose n = 2, i.e., $GF(F_2) = GF(2^{2^2} + 1) = GF(17)$.
GF(17) will have a generator $\gamma = 2$ such that $\gamma^d = 2^8 \equiv 1$
modulo 17.

It follows from 12.2(1) that the symbols in the RS code
will be the elements of GF(17). Also, the number of bits/symbol
will be, from 12.2(3), $2^n + 1$ or 5.

In order to correct two errors, the minimum distance of the
code word is $D = 2t + 1 = 2 \cdot 2 + 1 = 5$. The number of
message symbols/codeword is $I = N - (D - 1) = 8 - (5 - 1) = 4$.
The number of check symbols is $P = N - I = 8 - 4 = 4$.

To construct an RS code with minimum distance D, we
first define a generator polynomial as follows:

$$g(Z) = \prod_{i=1}^{D-1} (Z - 2^i) = \prod_{i=1}^{5-1} (Z - 2^i)$$

$$= (Z - 2)(Z - 2^2)(Z - 2^3)(Z - 2^4)$$

$$= (Z - 2)(Z - 4)(Z - 8)(Z + 1)$$

$$= Z^4 - 13Z^3 + 8Z^2 - 8Z - 64$$

$$\equiv Z^4 + 4Z^3 + 8Z^2 - 8Z + 4 \pmod{17}$$

Assume the message symbols to be $1, 2, 3, 2 \in GF(17)$. Let
us form $f(Z) = Z^7 + 2Z^6 + 3Z^5 + 2Z^4$ of degree N - 1 = 7,
using the message symbols as coefficients. In order to generate
a "code word in a polynomial C(Z)," which is a multiple of
g(Z), we proceed as follows:

$$f(Z) = q(Z) g(Z) + R(Z)$$

where

q(Z) = quotient polynomial
g(Z) = generator polynomial
R(Z) = residue polynomial

$$C(Z) = q(Z) g(Z) = f(Z) - R(Z)$$

R(Z) is obtained by long division of the form:

              q(Z)
    g(Z) | f(Z)
           R(Z)

    C(Z) = q(Z)g(Z)

Thus,

                                     Z^3 - 2Z^2 + 3Z - 3
    Z^4 + 4Z^3 + 8Z^2 - 8Z + 4 | Z^7 + 2Z^6 + 3Z^5 + 2Z^4
                                 Z^7 + 4Z^6 + 8Z^5 - 8Z^4 + 4Z^3
                                 -------------------------------
                                     - 2Z^6 - 5Z^5 + 10Z^4 - 4Z^3
                                     - 2Z^6 - 8Z^5 - 16Z^4 + 16Z^3 - 8Z^2
                                     ------------------------------------
                                              3Z^5 + 9Z^4 - 3Z^3 + 8Z^2
                                              3Z^5 + 12Z^4 + 24Z^3 - 24Z^2 + 12Z
                                              ----------------------------------
                                                   - 3Z^4 - 10Z^3 - 2Z^2 - 12Z
                                                   - 3Z^4 - 12Z^3 - 24Z^2 + 24Z - 12
                                                   ---------------------------------
                                                   R(Z) = 2Z^3 + 5Z^2 - 2Z + 12

The encoded codeword is

$$C(Z) = q(Z) \cdot g(Z) = f(Z) - R(Z)$$

$$= Z^7 + 2Z^6 + 3Z^5 + 2Z^4 - 2Z^3 - 5Z^2 + 2Z + 5$$

The codewords have the properties

$$C(\gamma^i) = q(\gamma^i) g(\gamma^i)$$

$$C(2^i) = q(2^i) g(2^i) = q(2^i) \cdot 0 = 0, \text{ for } i = 1, 2, 3, 4$$

This results from the structure of the generating polynomial
that

$$g(Z) = (Z - 2^1)(Z - 2^2)(Z - 2^3)(Z - 2^4)$$

Thus, it can be shown that

$$C(2^1) = 0$$

$$C(2^2) = 0$$

$$C(2^3) = 0$$

$$C(2^4) = 0$$

$$C(2^5) = -16 \equiv 1 \pmod{17}, \text{ etc.}$$

It can be shown also that if there are errors in the received
codewords:

$$r(2^1) \ne 0$$

$$r(2^2) \ne 0$$

$$r(2^3) \ne 0$$

$$r(2^4) \ne 0$$

Suppose 2 errors exist in the received codeword at the
positions underlined below:

$$r(Z) = 5Z^0 + 2Z^1 + 9Z^2 + 15Z^3 + 2Z^4 + 1Z^5 + 2Z^6 + Z^7$$

or, written differently,
$$(r_0, r_1, r_2, \ldots, r_7) = (5,2,9,15,2,1,2,1)$$

$$= (5,2,12-3,15,2,3-2,2,1)$$

The error pattern is

$$(0,0,-3,0,0,-2,0,0)$$

or

$$(0,0,14,0,0,15,0,0)$$

The received pattern can be rewritten as

$$(C_0, C_1, C_2, \ldots, C_7) + (e_0, e_1, \ldots, e_7)$$

$$= (5,2,12,15,2,3,2,1) + (0,0,14,0,0,15,0,0)$$

where $(e_0, e_1, \ldots, e_7)$ is an error pattern, and $(C_0, C_1, \ldots, C_7)$
are the uncorrupted symbols.

Now the syndromes $S_k$ for $r(Z) = (r_0, r_1, \ldots, r_7)$, where
$r(Z) = 5Z^0 + 2Z^1 + 9Z^2 + 15Z^3 + 2Z^4 + Z^5 + 2Z^6 + Z^7$, can
be computed by defining

$$S_k = \sum_{i=0}^{N-1} r_i \gamma^{ki} = \sum_{i=0}^{8-1} r_i 2^{ki} \qquad (13)$$

for $k = 1, 2, \ldots, D - 1 = 2t$ (i.e., k = 1,2,3,4) and $\gamma = 2$.

Since $r(Z) = (r_0, r_1, \ldots, r_7)$, the received symbols are
known: the syndromes $S_1$, $S_2$, $S_3$ and $S_4$ can be calculated
from Eq. (13). Specifically, for r(Z) = (5,2,9,15,2,1,2,1), Eq.
(13) yields $(S_1, S_2, S_3, S_4)$ to be (-8, -5, 11, -1).

Actually, the way Eq. (13) was defined implicitly spells out
the relationship between the syndromes and the symbol error
pattern, for from Eq. (13),

$$S_k = \sum_{i=0}^{8-1} (C_i + e_i) 2^{ki} \qquad (14)$$

$$= \sum_{i=0}^{8-1} C_i 2^{ki} + \sum_{i=0}^{8-1} e_i 2^{ki}$$

where $e(Z) = (e_0, e_1, \ldots, e_7)$ is the symbol error pattern. But
C(Z) is a multiple of g(Z), and, consequently,

$$C(\gamma^k) = C(2^k) = 0, \text{ for } k = 1,2,3,4$$

so that

$$\sum_{i=0}^{8-1} C_i (2^k)^i = 0, \text{ for } k = 1,2,3,4$$

Thus, Eq. (14) becomes

$$S_k = \sum_{i=0}^{8-1} e_i (2^k)^i = E_k, \text{ for } k = 1,2,3,4 \qquad (15)$$

Equation (15) reveals that the syndrome $S_k$ is in fact the DFT
of the error pattern, i.e., $S_k = E_k$ = DFT of $e_i$.

The problem in decoding the RS code is to try to determine
the values of $e_i$, $i = 0, 1, 2, \ldots, 7$. Since at present $e_i$ are not
known, we let $Y_i$ and $X_i$ be the ith error amplitude and the ith
error location, respectively. Thus, the syndrome in Eq. (15)
can be re-expressed as

$$S_k = \sum_{i=1}^{8-1} Y_i X_i^k, \text{ for } k = 1,2,3,4$$

However, as we see above, $(e_0, e_1, \ldots, e_7)$ are all zero except
in the locations $i_1, i_2, \ldots, i_t$, where t is the maximum number
of symbol errors that can be corrected. This is to say that

$$S_k = \sum_{i=1}^{t} Y_i X_i^k, \text{ for } k = 1,2,3,4$$

$$= \sum_{i=1}^{t=2} Y_i X_i^k \quad \text{(in our example)}$$

Hence,

$$S_k = e_0 (2^k)^0 + e_1 (2^k)^1 + \cdots + e_7 (2^k)^7, \text{ for } k = 1,2,3,4$$
or

$$= 0(2^k)^0 + 0(2^k)^1 + 14(2^k)^2 + \cdots + 15(2^k)^5 + \cdots + 0(2^k)^7,$$

for $(e_0, e_1, \ldots, e_7) = (0,0,14,0,0,15,0,0)$

$$S_k = 14(2^k)^2 + 15(2^k)^5, \text{ for } k = 1,2,3,4$$

Since from the above $S_1, S_2, S_3, S_4$ are -8, -5, 11, -1, we
have

$$Y_1 X_1 + Y_2 X_2 = S_1 = -8$$

$$Y_1 X_1^2 + Y_2 X_2^2 = S_2 = -5$$

$$Y_1 X_1^3 + Y_2 X_2^3 = S_3 = 11$$

$$Y_1 X_1^4 + Y_2 X_2^4 = S_4 = -1$$

However, rather than solving the four nonlinear equations
directly, it will be simpler to obtain the transform of the error
pattern. After simple calculations, take the inverse discrete
Fourier transform of the result to achieve the error pattern.
This method is now described.

From the previous discussion, since $S_k = E_k$ for k = 1,2,3,4,
some of the transforms of the error pattern e(Z) are known at
this stage. The rest of the transforms, i.e., $E_0, E_5, E_6, E_7$, can
be computed from those already known, i.e., $E_1, E_2, E_3, E_4$.
To do this, let us define a generating function as

$$E(x) = E_1 x^{-1} + E_2 x^{-2} + E_3 x^{-3} + \cdots = \sum_{k=1}^{\infty} E_k x^{-k} \qquad (16)$$

in which it is noted that $E_8 = E_0$, $E_9 = E_1$, etc. Since

$$S_k = E_k = \sum_{n=0}^{8-1} e_n 2^{nk} = \sum_{i=1}^{2} Y_i X_i^k \qquad (17)$$

substituting Eq. (16) into Eq. (17) gives

$$E(x) = \sum_{k=1}^{\infty} \left( \sum_{i=1}^{2} Y_i X_i^k \right) x^{-k}$$

$$= \sum_{i=1}^{2} Y_i \sum_{k=1}^{\infty} (X_i x^{-1})^k$$

$$= \sum_{i=1}^{2} Y_i \frac{X_i x^{-1}}{1 - X_i x^{-1}}$$

the last step being obtained by the usual technique of summing
a geometrical series. Thus,

$$E(x) = \sum_{i=1}^{2} Y_i \frac{X_i}{x - X_i} = \frac{P(x)}{\sigma(x)}$$

where

$$\sigma(x) = \prod_{i=1}^{2} (x - X_i)$$

$$= x^2 - (X_1 + X_2) x + X_1 X_2$$

$$= x^2 - \sigma_1 x + \sigma_2$$

and $\sigma(x)$ is called the "error location polynomial" since its
roots help to locate the errors:

$$E(x) = -8x^{-1} - 5x^{-2} + 11x^{-3} - x^{-4} + ?x^{-5} + ?x^{-6} \qquad (18)$$

It can be shown that $\sigma(x)$ can be obtained from Eq. (18) by
the "continued fraction method" developed by Prof. L. R.
Welch and R. Schultz of USC (Ref. 10) as an alternative
method to the Berlekamp algorithm, which solves the same
problem. The "continued fraction method" is illustrated in
Table 1.

From Table 1, one observes that

$$R_3 = 0 + ?x^3 + \cdots$$

$$\sigma(x) = \sigma_3(x) = (x - X_1)(x - X_2)$$

= (2x + 3) (bx - 4) = $x^2 - 2x + 9$

Hence,

$$\sigma_1 = 2, \quad \sigma_2 = 9$$
Table 1. The continued

and

$$\sigma(X_i) = X_i^2 - 2X_i + 9 = 0, \text{ for } i = 1,2$$

Multiplying the above equation by $Y_i X_i^j$ gives

$$Y_i X_i^{2+j} - 2 Y_i X_i^{1+j} + 9 Y_i X_i^j = 0, \text{ for } i = 1,2 \qquad (19)$$

Substituting

$$E_j = \sum_{i=1}^{2} Y_i X_i^j$$

into Eq. (19) yields

$$E_{2+j} - 2E_{1+j} + 9E_j = 0, \text{ for } j = 1,2,3$$

Using this recursive formula, $E_5, E_6, E_7, E_8$ can be computed
from $E_1, E_2, E_3, E_4$. Thus (see Eq. 15),

$$E_5 = 2E_4 - 9E_3 = 2(-1) - 9(11) \equiv 1 \pmod{17}$$

Similarly,

$$E_6 \equiv 11 \pmod{17}$$

$$E_7 \equiv 13 \pmod{17}$$

$$E_8 \equiv 12 \pmod{17} = E_0$$

Thus,

$$E(Z) = (12, -8, -5, 11, -1, 1, 11, 13)$$

Since

$$E_k = \sum_{n=0}^{8-1} e_n 2^{nk}, \text{ for } k = 0,1,2,\ldots,7$$

the inverse DFT of $E_k$ is defined by

$$e_n = (8)^{-1} \sum_{k=0}^{8-1} E_k 2^{-nk}, \text{ for } n = 0,1,2,\ldots,7$$

$$= (-2)(E_0 2^0 + E_1 2^{-n} + \cdots + E_7 2^{-7n})$$

Since $E_0, \ldots, E_7$ are now known, $e_0, \ldots, e_7$ can be solved.

It can be shown, as expected, that for this example

$$(e_0, e_1, \ldots, e_7) = (0,0,14,0,0,15,0,0)$$

Since the received codeword is (5,2,9,15,2,1,2,1) and the error
pattern is (0,0,14,0,0,15,0,0), the corrected coded sequence is
(5,2,9,15,2,1,2,1) - (0,0,14,0,0,15,0,0) = (5,2,12,15,2,3,2,1).

To recapitulate, the decoding of Reed-Solomon codes using
the transform over $GF(F_n)$ is composed of the following
three steps (Ref. 11):

(1) Compute the DFT over $GF(F_n)$ of the received code
N-tuple; i.e.,

$$S_k = \sum_{m=0}^{N-1} r_m \gamma^{mk}$$

where $r_m \in GF(F_n)$, and $\gamma$ is an element of order N.

(2) Use continued fractions to determine $\sigma_i$ from the
known $S_j = E_j$ for $i = 1, 2, \ldots, t$ and $j = 1, 2, \ldots, 2t$.
Then compute the remaining transform errors

(3) Compute the inverse of the transform over $GF(F_n)$ of
$S_k - E_k$ to obtain the corrected code.
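
The encoding of Section 12.3 and the three decoding steps above, run on the GF(17) example, as added Python code (not code from the report). Function names are assumptions of this example, and $\sigma_1, \sigma_2$ are found by solving the two-term recursion at j = 1, 2 directly, which is a substitute for the continued fraction method of Ref. 10.

```python
# Added example: the (8, 4) Reed-Solomon code over GF(17) from Section 12.3.
P, GAMMA, N, T = 17, 2, 8, 2     # field size, element of order 8, length, errors
ROOTS = [pow(GAMMA, k, P) for k in range(1, 2 * T + 1)]    # 2, 4, 8, 16

def poly_eval(c, x):
    """Evaluate c[0] + c[1] x + ... + c[7] x^7 modulo 17 (Horner's rule)."""
    acc = 0
    for coef in reversed(c):
        acc = (acc * x + coef) % P
    return acc

def generator_poly():
    """g(Z) = (Z - 2)(Z - 4)(Z - 8)(Z - 16), coefficients low order first."""
    g = [1]
    for root in ROOTS:
        g = [((g[j - 1] if j else 0) - root * (g[j] if j < len(g) else 0)) % P
             for j in range(len(g) + 1)]
    return g

def encode(message):
    """C(Z) = f(Z) - R(Z); message symbols are the coefficients of Z^7..Z^4."""
    g = generator_poly()
    f = [0] * (2 * T) + list(reversed(message))
    rem = f[:]
    for deg in range(N - 1, 2 * T - 1, -1):       # long division by the monic g
        q = rem[deg]
        for j, gj in enumerate(g):
            rem[deg - 2 * T + j] = (rem[deg - 2 * T + j] - q * gj) % P
    return [(fi - ri) % P for fi, ri in zip(f, rem)]

def syndromes(r):
    """S_k = r(2^k) for k = 1..4, i.e. four terms of the DFT of r."""
    return [poly_eval(r, x) for x in ROOTS]

def decode(r):
    """Return (corrected codeword, error pattern); ValueError if > 2 errors."""
    S = syndromes(r)
    if not any(S):
        return list(r), [0] * N
    # Assumption of this example: sigma_1, sigma_2 are obtained by solving
    # E_{j+2} = sigma_1 E_{j+1} - sigma_2 E_j at j = 1, 2 with Cramer's rule,
    # in place of the continued fraction method.
    det = (S[0] * S[2] - S[1] * S[1]) % P
    if det:                                       # two errors
        inv = pow(det, -1, P)
        s1 = (S[0] * S[3] - S[1] * S[2]) * inv % P
        s2 = (S[1] * S[3] - S[2] * S[2]) * inv % P
    elif S[0]:                                    # one error: E_{j+1} = X E_j
        s1, s2 = S[1] * pow(S[0], -1, P) % P, 0
    else:
        raise ValueError("uncorrectable error pattern")
    E = [0] + S                                   # E[1..4] = S_1..S_4
    for k in range(5, N + 1):                     # E_5 .. E_8 by the recursion
        E.append((s1 * E[k - 1] - s2 * E[k - 2]) % P)
    E[0] = E.pop()                                # E_8 = E_0
    g_inv, n_inv = pow(GAMMA, -1, P), pow(N, -1, P)
    e = [n_inv * sum(E[k] * pow(g_inv, n * k, P) for k in range(N)) % P
         for n in range(N)]                       # inverse DFT of E
    if sum(1 for x in e if x) > T:
        raise ValueError("more than t symbol errors")
    return [(ri - ei) % P for ri, ei in zip(r, e)], e
```

Symbols are held as residues 0..16, so the syndromes (-8, -5, 11, -1) appear as (9, 12, 11, 16).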